python - Flask-Limiter is not called on Flask-Restful API's method_decorators

Question

I've tried to follow some questions with no luck:

• Flask-Limiter does not work with Flask-Restful API-based application
• Rate Limiting Endpoints using flask-limiter

Due to outside of context issue I created a limiter function in a util.py file as follow:

def limiter():
    _limiter = Limiter(
        app,
        key_func=get_remote_address
    )
    return _limiter

And in my Flask-Restful API resource I have called this limiter in method-decorators:

from ..utils import limiter

class UsersView(Resource, CustomAPIMixin):
     method_decorators = [limiter().limit("1/minute", methods=["GET"])]

     @jwt_authenticate()
     def get(self):
         user_id = get_jwt_identity()
         return self.api_response(content={"user_id": user_id})

NOTE: I'm using Flask version 2 and Flask-Limiter 1.4

---

EDIT-1:

my_api
    models
    scripts
    views
         users.py
    __init__.py  # contains create_app() to return Flask app
    utils.py. # contains custom rate_limit() function

---

EDIT-2: Here is the full working code that Flask-Limiter does not work on:

• https://github.com/alirezastack/ratelimit_api

Answer 1

The Flask-Limiter documentation gives an example that fits this case: https://flask-limiter.readthedocs.io/en/stable/#using-flask-pluggable-views

If you set decorators instead of method_decorators it should fix your issue.

Here is a fully working sample that demonstrates rate limiting for the provided code.

from flask import Flask
from flask_restful import Resource, Api
from flask_limiter import Limiter
from flask_limiter.util import get_remote_address


app = Flask(__name__)
api = Api(app)


def limiter():
    _limiter = Limiter(
        app,
        key_func=get_remote_address
    )
    return _limiter


class CustomAPIMixin:
    def api_response(self, content):
        return content


def get_jwt_identity():
    return 0


class UsersView(Resource, CustomAPIMixin):
    decorators = [limiter().limit("1/minute", methods=["GET"])]

    # @jwt_authenticate()
    def get(self):
        user_id = get_jwt_identity()
        return self.api_response(content={"user_id": user_id})


api.add_resource(UsersView, '/')

if __name__ == '__main__':
    app.run(debug=True)